  • Stars: 183
  • Rank: 210,154 (Top 5 %)
  • Language: Python
  • License: MIT License
  • Created over 4 years ago
  • Updated 5 months ago


Repository Details

This repository contains code to create an ELK stack with certificates and security enabled using docker-compose.

elk-tls-docker

This docker-compose project will assist with setting up and creating an ELK stack using either self-signed TLS certificates or LetsEncrypt certificates for communications. In general, you get HTTPS for all services.

Please check out our Wiki for a detailed explanation of the project structure, configuration settings, and more.

Environment Details

This project was built so that you can test and use built-in features under Elastic Security, like detections, signals, cases, and other features.

This docker-compose project will create the following Elastic containers based on version 7.12.0:

  • Elasticsearch
  • Logstash
  • Kibana
  • Packetbeat
  • Filebeat
  • Elastic Agent (Ubuntu 20.04)
  • Metricbeat

Setup

To use this project, you must first put the following settings in a file named .env. An example environment variable file is provided as .env-example.

Copy or create your own .env from the provided example or from the code block below.

ELK_VERSION=7.15.0
ELASTIC_USERNAME=elastic
ELASTIC_PASSWORD=some_password

# Configuration Variables
ELASTICSEARCH_HEAP=2g
LOGSTASH_HEAP=1g
PACKETBEAT_HEAP=256m
FILEBEAT_HEAP=256m
METRICBEAT_HEAP=256m
XPACK_ENCRYPTION_KEY=somesuperlongstringlikethisoneMQBbtsynu4bV2uxLy

# Self signed TLS certificates
CA_PASSWORD=some_password
CA_DAYS=3650
ELASTIC_DIR=/usr/share/elasticsearch
LOGSTASH_DIR=/usr/share/logstash
KIBANA_DIR=/usr/share/kibana
PACKETBEAT_DIR=/usr/share/packetbeat
FILEBEAT_DIR=/usr/share/filebeat
METRICBEAT_DIR=/usr/share/metricbeat

# Letsencrypt certificates
## Setting STAGING to true means it will generate self-signed certificates
## Setting STAGING to false means it will generate letsencrypt certificates
# STAGING=false
STAGING=true

# swag Configuration
#DOMAIN=mydomain.com
#SUBDOMAIN=kibana
#SUBFOLDER=kibana
#[email protected]
#TIMEZONE=America/Chicago

Note: You may need to change the size of the HEAP variables in the above configuration file based on your system requirements. The settings shown are for a machine with 8GB of memory.
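As an added example (not part of the elk-tls-docker project), the following Python script parses a .env file in the format shown above and flags settings that would weaken the stack before docker-compose is run: placeholder passwords left in place, an XPACK_ENCRYPTION_KEY shorter than the 32 characters Kibana requires for its encryption key, a STAGING value that is neither true nor false, and JVM heap sizes that together exceed half of the host's memory. The half-of-memory rule, the placeholder list, the CA_DAYS upper bound and the function names parse_env, heap_to_mib and check_env are this example's own assumptions; the embedded sample .env is a constructed copy of the block above with its defaults left in.

```python
"""Sanity checks for an elk-tls-docker style .env file (added example, not project code)."""
import re
import sys

# Constructed sample: the README's example .env with the placeholder secrets still in place.
SAMPLE_ENV = """\
ELK_VERSION=7.15.0
ELASTIC_USERNAME=elastic
ELASTIC_PASSWORD=some_password

# Configuration Variables
ELASTICSEARCH_HEAP=2g
LOGSTASH_HEAP=1g
PACKETBEAT_HEAP=256m
FILEBEAT_HEAP=256m
METRICBEAT_HEAP=256m
XPACK_ENCRYPTION_KEY=somesuperlongstringlikethisoneMQBbtsynu4bV2uxLy

# Self signed TLS certificates
CA_PASSWORD=some_password
CA_DAYS=3650
STAGING=true
"""

# Assumption: values that should never survive into a real deployment.
PLACEHOLDER_SECRETS = {"some_password", "changeme", "password", ""}
HEAP_KEYS = ("ELASTICSEARCH_HEAP", "LOGSTASH_HEAP", "PACKETBEAT_HEAP",
             "FILEBEAT_HEAP", "METRICBEAT_HEAP")
_SIZE_RE = re.compile(r"^(\d+)([kmg])$", re.IGNORECASE)


def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and '#' comments are ignored (docker-compose .env style)."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip():
            env[key.strip()] = value.strip()
    return env


def heap_to_mib(size):
    """Convert a JVM-style size ('256m', '2g') to MiB; raises ValueError on malformed input."""
    m = _SIZE_RE.match(size)
    if not m:
        raise ValueError(f"unrecognised heap size {size!r}")
    n, unit = int(m.group(1)), m.group(2).lower()
    return {"k": n // 1024, "m": n, "g": n * 1024}[unit]


def check_env(env, host_mib=8192):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for key in ("ELASTIC_PASSWORD", "CA_PASSWORD"):
        if env.get(key, "") in PLACEHOLDER_SECRETS:
            findings.append(f"{key} is a placeholder; set a unique secret")
    # Kibana rejects an xpack.security.encryptionKey shorter than 32 characters.
    if len(env.get("XPACK_ENCRYPTION_KEY", "")) < 32:
        findings.append("XPACK_ENCRYPTION_KEY must be at least 32 characters")
    if env.get("STAGING", "true").lower() not in ("true", "false"):
        findings.append("STAGING must be 'true' (self-signed) or 'false' (LetsEncrypt)")
    total = sum(heap_to_mib(env[k]) for k in HEAP_KEYS if k in env)
    # Assumption: leave at least half of host memory for the OS, page cache and container overhead.
    if total > host_mib // 2:
        findings.append(f"JVM heaps total {total} MiB, above half of {host_mib} MiB host memory")
    days = env.get("CA_DAYS")
    if days is not None and (not days.isdigit() or int(days) > 3650):
        findings.append("CA_DAYS should be a positive integer of at most 3650 (10 years)")
    return findings


if __name__ == "__main__":
    # Usage: python check_env.py [path/to/.env]; with no argument the constructed sample is checked.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ENV
    for finding in check_env(parse_env(text)) or ["no findings"]:
        print(finding)
```

Run against the sample, the script reports only the two placeholder passwords: the heap settings (3840 MiB in total) fit the 8GB machine the note describes, and the example encryption key is long enough. Point it at your real .env before the first docker-compose run, and pass a smaller host_mib to check_env if the host has less memory than that.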

Additionally, you must either clone this repository or download the entire repository in order to build and run these containers.

You can find more documentation about these settings in our Wiki.

Keystore

Before we build or create our containers, we first need to create our keystore and certificates. You can do this using the docker-compose.setup.yml file. If you run into issues, see the associated documentation on our Wiki page about Certificates, or create an issue in this repository.

Creating Keystore for self-signed certificates

By default, self-signed certificates are created, which makes the most sense when testing out this project. To do so, run the following command first:

docker-compose -f docker-compose.setup.yml run --rm certs

Please see our documentation about Setup using self-signed certificates.

Creating Keystore & Certificates for production

If you want to deploy this project in a production-like environment, please see our documentation on Setup using Letsencrypt.

Running a development environment

Now that you have your keys/certs and passwords set, we can restart the containers by running:

docker-compose up -d

You should be able to log in to the ELK stack and be on your way.

You can find additional information about the environments that are created on the Environment Details Wiki page.

Running a production environment

Here is a walkthrough on setting up a production-like environment using LetsEncrypt.

You should be able to log in to the ELK stack and be on your way.

You can find additional information about the environments that are created on the Environment Details Wiki page.

Common Issues

Please see our Wiki documentation for the most common issues I have seen through testing and usage of this project.

To remove all images from your system run:

docker rmi $(docker images -a -q)

To remove all volumes from your system run:

docker volume prune

Enabling features

This project provides a few helper scripts (more are added as needed and requested) that assist with enabling specific features within the Elastic Kibana SIEM feature set, as well as adding test data to your Elasticsearch instance.

Please see the Enabling Features page in our Wiki.

Road Map

Below is a list of features planned for future releases:

  • Adding additional services from Elastic
  • Adding certificate authentication for external usage

Contributing

Please read CONTRIBUTING.md for details on our code of conduct and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning.

Change Log

Please read CHANGELOG.md for details on the features in a specific version of elk-tls-docker.

Authors

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License; see the LICENSE file for details.
